General
Target: 00aa65bb6c94d28f04933ebc90a56bf75d62ac3cd246afa1ef60d671a40ee978.zip
Size: 299KB
Sample: 210924-n5z13sghb4
MD5: bead7a59737448e6ef9c0db98eb2571d
SHA1: 4100c0d645d136de96da7d373e668f853700f809
SHA256: a3b44997bc49506912360e2dfbcf708a400c555efd6841246e499a83ebf12232
SHA512: 98af08dd406ddd3ddfd51cd1caf43da9975f5e980a4bf16d7c0e52a693d614738da9a5154b33218584e575c6facb537b03b49b8ac6f016bf32b272cb702f1aca
Static task: static1
Behavioral task: behavioral1
Sample: B1o.exe
Resource: win7v20210408
Malware Config
Extracted
xloader
2.3
chg
http://www.chiaketo.com/chg/
worldvaypg.com
cremationprosguiding.info
counterpub.com
steamed-chicken.com
bethhavencemetery.com
wanda12.com
thejdot.com
juliusbuckley.com
realloveawaitsnow.com
healthandenergyadvisors.com
stockholmfasadputs.com
uvsafetysolutions.com
mamucosmetic.com
konoozalyemen.com
grillschalen.com
zljmys.com
paradseautos.com
home360.asia
domentemenegi37.com
farazahmadosama.com
phpman.info
momenwang.com
globalstressengineers.info
syu38.com
thegiftsofmentalillness.com
bytephunk.com
boutiquedmcretreats.com
jialongvideo.com
736spadina.com
omicai.com
brandonneffdesign.com
simranmahindrakar.com
kashmirishoping.com
pinggutech.com
shangjingtang.com
sweetdesignsbykathy.com
rcengichem.com
smart-money-gal.com
ilbfoundation.com
hairstage.xyz
xn--buildenv-bdb.com
covidrecess.com
masihkecewa.com
mnt-sa.net
arcturus-realty.com
gameonaustralia.com
khanamericantools.com
grabbarquote.com
mamentos.info
zero-nezumi.com
fastfoodchicago.com
bikalu.com
powersmoney.com
ninisex.com
hntbank.com
aacj.ink
84streetchamber.com
saharamoverspackers.com
ellibromagico.com
itscat.xyz
woodlandsandthyme.com
avcitoptan.com
industrialareadirectory.com
glendadestatesteam.com
Targets
Target: B1o.exe
Size: 614KB
MD5: 5e3dc4e700d55cb8232bdbeade8ca8ad
SHA1: 8a4c46e292dafb7db736c03f784a997b6dece9aa
SHA256: 00aa65bb6c94d28f04933ebc90a56bf75d62ac3cd246afa1ef60d671a40ee978
SHA512: 6b1d6e010c303ea7663f33d82255eea9f0c0c2b941301788b3e811138c1f08021b922e4a63426b2f3deb00d5b36e4d2eed3ea640a7562998836b87e2bfa02cf9
- Xloader Payload
- Blocklisted process makes network request
- Adds Run key to start application
- Suspicious use of SetThreadContext